<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
                      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
    <meta http-equiv="content-type" content="text/html; charset=UTF-8"/>
    <title>Advanced Usage - Zend Framework Manual</title>

    <link href="../css/shCore.css" rel="stylesheet" type="text/css" />
    <link href="../css/shThemeDefault.css" rel="stylesheet" type="text/css" />
    <link href="../css/styles.css" media="all" rel="stylesheet" type="text/css" />
</head>
<body>
<h1>Zend Framework</h1>
<h2>Programmer's Reference Guide</h2>
<ul>
    <li><a href="../en/zend.acl.advanced.html">Inglês (English)</a></li>
    <li><a href="../pt-br/zend.acl.advanced.html">Português Brasileiro (Brazilian Portuguese)</a></li>
</ul>
<table width="100%">
    <tr valign="top">
        <td width="85%">
            <table width="100%">
                <tr>
                    <td width="25%" style="text-align: left;">
                    <a href="zend.acl.refining.html">Refining Access Controls</a>
                    </td>

                    <td width="50%" style="text-align: center;">
                        <div class="up"><span class="up"><a href="zend.acl.html">Zend_Acl</a></span><br />
                        <span class="home"><a href="manual.html">Programmer's Reference Guide</a></span></div>
                    </td>

                    <td width="25%" style="text-align: right;">
                        <div class="next" style="text-align: right; float: right;"><a href="zend.amf.html">Zend_Amf</a></div>
                    </td>
                </tr>
            </table>
<hr />
<div id="zend.acl.advanced" class="section"><div class="info"><h1 class="title">Advanced Usage</h1></div>
    

    <div class="section" id="zend.acl.advanced.storing"><div class="info"><h1 class="title">Storing ACL Data for Persistence</h1></div>
        

        <p class="para">
            <span class="classname">Zend_Acl</span> was designed in such a way that it does not require any
            particular backend technology such as a database or cache server for storage of the
            <acronym class="acronym">ACL</acronym> data. Its complete <acronym class="acronym">PHP</acronym> implementation enables
            customized administration tools to be built upon <span class="classname">Zend_Acl</span> with
            relative ease and flexibility. Many situations require some form of interactive
            maintenance of the <acronym class="acronym">ACL</acronym>, and <span class="classname">Zend_Acl</span> provides
            methods for setting up, and querying against, the access controls of an application.
        </p>

        <p class="para">
            Storage of <acronym class="acronym">ACL</acronym> data is therefore left as a task for the developer,
            since use cases are expected to vary widely for various situations. Because
            <span class="classname">Zend_Acl</span> is serializable, <acronym class="acronym">ACL</acronym> objects may be
            serialized with <acronym class="acronym">PHP</acronym>&#039;s <a href="http://php.net/serialize" class="link external">&raquo; 
                 <span class="methodname">serialize()</span></a> function, and the results may be
            stored anywhere the developer should desire, such as a file, database, or caching
            mechanism.
        </p>
    </div>

    <div class="section" id="zend.acl.advanced.assertions"><div class="info"><h1 class="title">Writing Conditional ACL Rules with Assertions</h1></div>
        

        <p class="para">
            Sometimes a rule for allowing or denying a role access to a resource should not be
            absolute but dependent upon various criteria. For example, suppose that certain access
            should be allowed, but only between the hours of 8:00am and 5:00pm. Another example
            would be denying access because a request comes from an IP address that has been
            flagged as a source of abuse. <span class="classname">Zend_Acl</span> has built-in support for
            implementing rules based on whatever conditions the developer needs.
        </p>

        <p class="para">
            <span class="classname">Zend_Acl</span> provides support for conditional rules with
            <span class="classname">Zend_Acl_Assert_Interface</span>. In order to use the rule assertion
            interface, a developer writes a class that implements the
             <span class="methodname">assert()</span> method of the interface:
        </p>

        <pre class="programlisting brush: php">
class CleanIPAssertion implements Zend_Acl_Assert_Interface
{
    public function assert(Zend_Acl $acl,
                           Zend_Acl_Role_Interface $role = null,
                           Zend_Acl_Resource_Interface $resource = null,
                           $privilege = null)
    {
        return $this-&gt;_isCleanIP($_SERVER[&#039;REMOTE_ADDR&#039;]);
    }

    protected function _isCleanIP($ip)
    {
        // ...
    }
}
</pre>


        <p class="para">
            Once an assertion class is available, the developer must supply an instance of the
            assertion class when assigning conditional rules. A rule that is created with an
            assertion only applies when the assertion method returns <b><tt>TRUE</tt></b>.
        </p>

        <pre class="programlisting brush: php">
$acl = new Zend_Acl();
$acl-&gt;allow(null, null, null, new CleanIPAssertion());
</pre>


        <p class="para">
            The above code creates a conditional allow rule that allows access to all privileges
            on everything by everyone, except when the requesting IP is &quot;blacklisted.&quot; If a request
            comes in from an IP that is not considered &quot;clean,&quot; then the allow rule does not apply.
            Since the rule applies to all roles, all resources, and all privileges, an &quot;unclean&quot; IP
            would result in a denial of access. This is a special case, however, and it should be
            understood that in all other cases (i.e., where a specific role, resource, or privilege
            is specified for the rule), a failed assertion results in the rule not applying, and
            other rules would be used to determine whether access is allowed or denied.
        </p>

        <p class="para">
            The  <span class="methodname">assert()</span> method of an assertion object is passed the
            <acronym class="acronym">ACL</acronym>, role, resource, and privilege to which the authorization query
            (i.e.,  <span class="methodname">isAllowed()</span>) applies, in order to provide a context for
            the assertion class to determine its conditions where needed.
        </p>
    </div>
</div>
        <hr />

            <table width="100%">
                <tr>
                    <td width="25%" style="text-align: left;">
                    <a href="zend.acl.refining.html">Refining Access Controls</a>
                    </td>

                    <td width="50%" style="text-align: center;">
                        <div class="up"><span class="up"><a href="zend.acl.html">Zend_Acl</a></span><br />
                        <span class="home"><a href="manual.html">Programmer's Reference Guide</a></span></div>
                    </td>

                    <td width="25%" style="text-align: right;">
                        <div class="next" style="text-align: right; float: right;"><a href="zend.amf.html">Zend_Amf</a></div>
                    </td>
                </tr>
            </table>
</td>
        <td style="font-size: smaller;" width="15%"> <style type="text/css">
#leftbar {
	float: left;
	width: 186px;
	padding: 5px;
	font-size: smaller;
}
ul.toc {
	margin: 0px 5px 5px 5px;
	padding: 0px;
}
ul.toc li {
	font-size: 85%;
	margin: 1px 0 1px 1px;
	padding: 1px 0 1px 11px;
	list-style-type: none;
	background-repeat: no-repeat;
	background-position: center left;
}
ul.toc li.header {
	font-size: 115%;
	padding: 5px 0px 5px 11px;
	border-bottom: 1px solid #cccccc;
	margin-bottom: 5px;
}
ul.toc li.active {
	font-weight: bold;
}
ul.toc li a {
	text-decoration: none;
}
ul.toc li a:hover {
	text-decoration: underline;
}
</style>
 <ul class="toc">
  <li class="header home"><a href="manual.html">Programmer's Reference Guide</a></li>
  <li class="header up"><a href="manual.html">Programmer's Reference Guide</a></li>
  <li class="header up"><a href="reference.html">Zend Framework Reference</a></li>
  <li class="header up"><a href="zend.acl.html">Zend_Acl</a></li>
  <li><a href="zend.acl.introduction.html">Introduction</a></li>
  <li><a href="zend.acl.refining.html">Refining Access Controls</a></li>
  <li class="active"><a href="zend.acl.advanced.html">Advanced Usage</a></li>
 </ul>
 </td>
    </tr>
</table>

<script type="text/javascript" src="../js/shCore.js"></script>
<script type="text/javascript" src="../js/shAutoloader.js"></script>
<script type="text/javascript" src="../js/main.js"></script>

</body>
</html>